Openjdk
OpenSSL
This dependencies can be resolved on Debian based distributions through:
sudo apt-get update
sudo apt-get install openssl openjdk-6-jdk
This dependencies can be resolved on RedHat based distributions through:
yast2 -i openssl java-1_6_0-openjdk
1. Install PMES-COMPSs Service:
1.1 Checkout the project from PMES SVN:
http://venus-c.sourceforge.net/
1.2 Install the pmes-compss on the system:
sudo dpkg -i pmes-compss-X.X.deb (Debian based distros)
sudo rpm -i pmes-compss-X.X.rpm (RedHat based distros)
rm -rf pmes-compss-*
1.3 Configure pmes system user:
sudo passwd pmes
sudo login pmes
ssh-keygen -t dsa
ssh-copy-id -i ~/.ssh/id_dsa.pub pmes@HOSTNAME
2. Prepare private key and public PMES-COMPSs certificates
2.1 Create the PMES-COMPSs private key store:
cd /home/pmes/certs/
keytool -genkey -alias your_client_alias -keyalg RSA -keystore /path/to/keystore_file
Example:
keytool
-genkey -alias pmes
-keyalg RSA -keystore keystore
Enter keystore password: <somePassword> Re-enter new password: <somePassword>
What is your first and last name?
[Unknown]: venusc-pmes.bsc.es (Must be the hostname of the machine).
What is the name of your organizational unit?
[Unknown]: Computer Sciences
What is the name of your organization?
[Unknown]: Barcelona Supercomputing Center
What is the name of your City or Locality?
[Unknown]: Barcelona
What is the name of your State or Province?
[Unknown]: Spain
What is the two-letter country code for this unit?
[Unknown]: ES
Is CN=venusc-pmes.bsc.es, OU=Computer Sciences, O=Barcelona Supercomputing Center, L=Barcelona, ST=Spain, C=ES correct?
[no]: yes
Enter key password for pmes (RETURN if same as keystore password): [return]
Important: By now, the key password must be the same as the keystore password.
2.2. Create your client's public certificate from PMES-COMPSs private key store:
keytool -export -alias your_client_alias -keystore /path/to/keystore_file -file /path/to/certificate_file
Example:
keytool -export -alias pmes -keystore keystore -file pmesCert.cer
Enter keystore password:
Certificate stored in file <pmesCert.cer>
3. PMES-COMPSs & Tomcat Configuration:
3.1. PMES- COMPSs service configuration:
vi /home/pmes/conf/PMESConfig.xml
<!-- PMES Service Configuration --> <PMESConfig> <!-- PMES Configuration --> <PMES> <Address>https://HOSTNAME/pmes/factory</Address> <User>pmes</User> <TempDir>/home/pmes/tmp</TempDir> <UserDBFile>/home/pmes/conf/usersdb</UserDBFile> <Scheduler>com.bsc.pmes.jobmanager.jobscheduler.SJNScheduler</Scheduler> <!-- Max allowed time per job (minutes) --> <MaxJobWallClock>360</MaxJobWallClock> <!-- Update logs time (minutes) --> <UpdateLogsTime>1</UpdateLogsTime> <!-- Job expiration control (minutes) --> <FinishedExpTime>120</FinishedExpTime> <CancelledExpTime>120</CancelledExpTime> <FailedExpTime>120</FailedExpTime> <ExpCheckTime>5</ExpCheckTime> </PMES> <!-- Resources Configuration --> <RESOURCES> <!-- CLOUD Provider Configuration --> <CLOUD> <Connector> <Provider>BSC</Provider> <Server>https://HOSTNAME:PORT/...</Server> <Implementation>com.bsc.pmes.connectors.emotive.DRP</Implementation> <Properties> <Property> <Name>Cert</Name> <Value>/home/pmes/certs/cert.p12</Value> <Deploy>/home/user/certs/</Deploy> </Property> <Property> <Name>VMTemplates</Name> <Value>/home/pmes/conf/connectors/emotive/templates/emotive.xml</Value> </Property> </Properties> </Connector> <User>user</User> <!-- Maximum allowed VM creation time in minutes --> <MaxVMCreationTime>10</MaxVMCreationTime> <!-- Application deploy path on provider VM --> <DeploymentPath>/home/user/apps</DeploymentPath> <!-- Shared space mountpoint on virtual instances --> <WorkingDir> <Path>/sharedDisk</Path> <Shared>true</Shared> </WorkingDir> <Resources> <!-- Defines a pool of pre-started VMs for speeding up job submissions --> <StaticPool> <Resource image="debianbase"> <Instances>2</Instances> <CPU>1</CPU> <MEM>1.0</MEM> <Disk>1.0</Disk> <Arch>x86_64</Arch> </Resource> </StaticPool> <!-- Maximum of system cores --> <MaxCores>44</MaxCores> <!-- Maximum of system memory --> <MaxMemory>112</MaxMemory> </Resources> </CLOUD> </RESOURCES> <!-- COMPSs Configuration --> <COMPSs> <Location>/opt/COMPSs/Runtime</Location> <Connector>integratedtoolkit.connectors.emotivecloud.DRPSecureClientConnector_2</Connector> <WorkingDir>/home/user/IT</WorkingDir> <!-- COMPSs job monitoring frequency (seconds) --> <MonitorFreq>3</MonitorFreq> <!-- Master VM Specs --> <!--<Master> <CPU>1</CPU> <MEM>2.0</MEM> <Disk>2.0</Disk> <Arch>x86_64</Arch> </Master>--> <!-- COMPSs service resources (OPTIONAL) --> <Services> <!-- Service resource definition example --> <Service> <Name>HmmerObjects</Name> <WSDL>http://HOSTNAME:PORT/servicepath?wsdl</WSDL> <Namespace>http://hmmerobj.worker</Namespace> <Port>HmmerObjectsPort</Port> <Tasks>3</Tasks> </Service> </Services> </COMPSs> <!-- Accounting Configuration (OPTIONAL) --> <ACCOUNTING> <EndPoint>http://HOSTNAME:PORT/usagetracker/rest</EndPoint> <User>user</User> <Password>password</Password> <Owner>ORGANIZATION</Owner> </ACCOUNTING> <!-- Storage adaptors map --> <ADAPTORS> <Adaptor> <Protocol>ftp</Protocol> <Implementation>com.bsc.pmes.jobmanager.datastager.FTPDataStager</Implementation> </Adaptor> <Adaptor> <Protocol>http</Protocol> <Implementation>com.bsc.pmes.jobmanager.datastager.CDMIDataStager</Implementation> </Adaptor> <Adaptor> <Protocol>gcubestorage</Protocol> <Implementation>com.bsc.pmes.jobmanager.datastager.GStorageDataStager</Implementation> </Adaptor> ... </ADAPTORS> </PMESConfig>
3.2. Tomcat http secure channel configuration:
vi /home/pmes/apache-tomcat/conf/server.xml
In Tomcat service.xml configuration file add:
<Connector port="8443" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/home/pmes/certs/keystore"
keystorePass="<KeystorePassword>"/>
Then start the service:
source ~/.bashrc
/home/pmes/apache-tomcat/bin/catalina.sh start
4. System users configuration:
4.1. Basice security: create a users database file:
· vi /home/pmes/conf/usersdb
Add users following the pattern that can be found below:
user1:hashedpassword1
user2:hashedpassword2
...
usern:hashedpasswordn
Hash the default assigned passwords through:
echo -n “mypassword” | md5sum | cut -f1 -d' '
Important: If the user named “admin” is created, this can act as superuser managing all system jobs.